This is an Awareness Blog to consider the future of your world. Actions are being done now to restore our world. Watch and become AWARE!
3.5 MILLION VIEWS PER MONTH
Exclusive public outlet for documentation and notices from The Original Jurisdiction Republic 1861 circa 2010.

Saturday, May 13, 2017

Your HP laptop may be silently recording everything you are typing on your keyboard.

While
examining Windows Active Domain infrastructures, security researchers
from the Switzerland-based security firm Modzero have discovered a built-in keylogger in an HP audio driver that spy on your all keystrokes.
In general, Keylogger is a program that records every
keystroke by monitoring every key you have pressed on your keyboard.
Usually, malware and trojans use this ability to steal your account
information, credit card numbers, passwords, and other private data.

HP
computers come with Audio Chips developed by Conexant, a manufacturer
of integrated circuits, who also develops drivers for its audio chips.
Dubbed Conexant High-Definition (HD) Audio Driver, the driver helps the
software to communicate with the hardware.

Depending upon the
computer model, HP also embeds some code inside the audio drivers
delivered by Conexant that controls the special keys, such as Media keys
offers on the keypad.

Keylogger Found Pre-Installed in HP Audio Driver

According to researchers, the flawed code (CVE-2017-8360)
written by HP was poorly implemented, that not just captures the special
keys but also records every single key-press and store them in a
human-readable file.

This log file, which is located at the
public folder C:\Users\Public\MicTray.log, contains a lot of sensitive
information like users' login data and passwords, which is accessible to
any user or 3rd party applications installed on the computer.

Therefore,
a malware installed on or even a person with physical access to a PC
can copy the log file and have access to all your keystrokes, extracting
your sensitive data such as bank details, passwords, chat logs, and
source code.

"So what's the point of a keylogger in an audio driver? Does
HP deliver pre-installed spyware? Is HP itself a victim of a backdoored
software that third-party vendors have developed on behalf of HP?"
Modzero researchers question HP.

In 2015, this keylogging feature was introduced as a new diagnostic
feature with an update version 1.0.0.46 for HP audio drivers and existed
on nearly 30 different HP Windows PC models shipped since then.

Affected models include PCs from the HP Elitebook 800 series, the
EliteBook Folio G1, HP ProBook 600 and 400 series, and many others. You
can find a full list of affected HP PC models in the Modzero's security advisory.

Researchers also warned that "probably other hardware vendors, shipping Conexant hardware and drivers" may also be affected.

How to Check if You are Affected and Prevent Yourself

If any of these two following files exist in your system, then this keylogger is present on your PC:

C:\Windows\System32\MicTray64.exe

C:\Windows\System32\MicTray.exe

If any of the above files exist, Modzero advises that you should
either delete or rename the above-mentioned executable file in order to
prevent the audio driver from collecting your keystrokes.

"Although the file is overwritten after each login, the
content is likely to be easily monitored by running processes or
forensic tools," researchers warned. "If you regularly make incremental
backups of your hard-drive - whether in the cloud or on an external
hard-drive – a history of all keystrokes of the last few years could
probably be found in your backups."

Also, if you make regular backups of your hard drive that include the
Public folder, the keylogging file in question may also exist there
with your sensitive data in plain text for anyone to see. So, wipe that
as well.

Nesaranews Mission Statement

Question -- What is the goal of this website? Why do we share different sources of information that sometimes conflicts or might even be considered disinformation?

Answer -- The primary goal of Nesaranews is to help all people become better truth-seekers in a real-time boots-on-the-ground fashion. This is for the purpose of learning to think critically, discovering the truth from within—not just believing things blindly because it came from an "authority" or credible source. Instead of telling you what the truth is, we share information from many sources so that you can discern it for yourself. We focus on teaching you the tools to become your own authority on the truth, gaining self-mastery, sovereignty, and freedom in the process. We want each of you to become your own leaders and masters of personal discernment, and as such, all information should be vetted, analyzed and discerned at a personal level. We also encourage you to discuss your thoughts in the comments section of this site to engage in a group discernment process.

"It is the mark of an educated mind to be able to entertain a thought without accepting it." – Aristotle

11

Followers

The articles on this blog are reproduced in accordance with Section 107 of title 17 of the Copyright Law of the United States relating to fair-use and is for the purposes of criticism, comment, news reporting, teaching, scholarship, and research.

US Supreme Court, in 1985, “Dowling v. United States”, unequivocally held that allegations of copyright infringement can be prosecuted only under copyright-specific legislation, not criminal law.